Is Uber leaving its information on users open to hackers?

Just as the negative stories surrounding ride-sharing app Uber were receding, reports of lax data security practices have emerged, in which a job candidate was able to access information on Uber users.

A Washington Post article claims an interviewee for the start-up was given carte-blanche access to both present-day and historical information on all Uber users.

The interviewee “said he got the kind of access enjoyed by actual employees for an entire day, even for several hours after the job interview ended.

“He happily crawled through the database looking up the records of people he knew – including a family member of a prominent politician – before the seemingly magical power disappeared.”

Considering the company is a start-up, is going through some absolutely ludicrous growth, and has been called up on related issues before, it shouldn’t be a major surprise if this is all true.

At one event, the company once showed its ‘God View’ mode on a big screen to entertain guests. God View basically showed where particular people were on their journey, where they came from, and where they were going.

On other occasions, the company has had to apologise for claiming that smear campaigns against critical journalists is the way forward. Other journalists have been warned of the power of Uber decision-makers, and that accessing personal files is always a risk.

Uber has also faced criticism for its hiring policies and sexist marketing campaigns in some parts of the world. Also, major cities such as Toronto and Berlin have campaigned against the service being available in their jurisdictions.

When The Washington Post first put this latest gaffe to the company, Uber responded: “As a matter of security, we don’t discuss publicly the details of our security.”

The company has since clarified its position. “Our data privacy policy applies to all employees: access to and use of data is permitted only for legitimate business purposes. Data security specialists monitor and audit that access on an ongoing basis. Violations of this policy do result in disciplinary action, including the possibility of termination and legal action.”